As long as all parties follow the protocol, we can achieve decentralized consensus.

## No overspending
## Only accept "digitally" signed transactions
## Everyone has a copy of the ledger with them
## Everyone listens and accepts the ledger with longest length 


Why does this work? To understand that, first comes ....


## Digital Signatures

Let me show you what they are and how they work, 

The goal is to ensure that only the owner can "sign" off on transactions. You don't want anyone else but YOU
spending YOUR money.

### Desired Properties

* Sufficient to prove to any interested party that You have seen the transaction and approved it
* It should be INFEASIBLE to be forged

### Solution

Everyone [generates](https://youtu.be/bBC-nXj3Ng4) a public key private key pair.

In [45]:
from cryptography.hazmat.primitives import serialization as crypto_serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.backends import default_backend as crypto_default_backend

# In RSA, this asymmetry is based on the practical difficulty of the factorization 
# of the product of two large prime numbers, the "factoring problem".
key = rsa.generate_private_key(
    backend=crypto_default_backend(),
    public_exponent=65537, # The public exponent of the new key. Usually one of the small Fermat primes
    key_size=2048
)

private_key = key.private_bytes(
    crypto_serialization.Encoding.PEM,
    crypto_serialization.PrivateFormat.PKCS8,
    crypto_serialization.NoEncryption())

public_key = key.public_key().public_bytes(
    crypto_serialization.Encoding.OpenSSH,
    crypto_serialization.PublicFormat.OpenSSH
)


In [46]:
print(private_key)

b'-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDI8pRMEhNCrl5k\nArQ1/kPIC832DFhgiH8PboES+Bjv3EooaKo7QTMmM1pKB77Ygrf6Az/3yyjggQBM\nUemqbTNY35MTbnhsMA8CVeR4YquXUQMxmjghiK4NuVx6mxxc9BRPDoYqNG1LU0s+\ncUXpQYdtO+L5hoh/cznkpvXnuAzSCH2zWjtnkGNcsIsTHo1xeMbePTEod/05pkuC\ntxXuMdz3i5YnpXu7j4o3a13cp6WZYUMvir8s6mYaiH1Wt+d2VzEgPQIsChEfxET0\naWHiqHr6mOXNTjW6cUp8mFneqoFK5mXAghmESrkcd+U/Am/yYrLzyJCSL4crkIej\nAmP/pJ9ZAgMBAAECggEAYVXncYWb4MPXovgQVMsKCB93r4RBVtknOtFbIlYctirt\nnO897h/h59IeHRftYLDI7wid9qho735tJ4rR9aSZp6X8dwAewsDwtD/owEuDNHOg\naWl7YPr03F76JcV2kqwEHls5r73fZwo8u01hAOCl+cp1YkrBWYL1+wTIvmpPg3iP\nru1d0DZ/uDiXJWGBpv0LOLAMCWM9H+WHfjQDsUWAMFl/FKoifZPQOyua3E3NL2YL\nN2NRJm+AgBXsfAnZsDzLtaRFX6Qe7d61T6Y2yA/VBdo2VLpXLwFpuqk2sipdIQcp\nZPkHiZtSCULMgOFHD9T5Zha6JwGPzsr87+lqA+DENQKBgQDm+pL8PWazneFXzo5w\nr9ZJ3QtqVRDvIG9s98XaabCfKQv580y7iTMg9/kJD8dFZcsrX9raQy8nrTMqElCJ\noExmD2fXczvi4H3qKRbCSm3d45DFMe+fjFnfL2U/gGbcqZ5ySQYGZ9C+TW8eyN8z\nM/19A5uRCwdqkrL4aVoaF15HrwKBgQDetzBydwEyRpfJq

In [47]:
print(public_key)

b'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDI8pRMEhNCrl5kArQ1/kPIC832DFhgiH8PboES+Bjv3EooaKo7QTMmM1pKB77Ygrf6Az/3yyjggQBMUemqbTNY35MTbnhsMA8CVeR4YquXUQMxmjghiK4NuVx6mxxc9BRPDoYqNG1LU0s+cUXpQYdtO+L5hoh/cznkpvXnuAzSCH2zWjtnkGNcsIsTHo1xeMbePTEod/05pkuCtxXuMdz3i5YnpXu7j4o3a13cp6WZYUMvir8s6mYaiH1Wt+d2VzEgPQIsChEfxET0aWHiqHr6mOXNTjW6cUp8mFneqoFK5mXAghmESrkcd+U/Am/yYrLzyJCSL4crkIejAmP/pJ9Z'


In [48]:
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes

message = b"A message I want to sign. Write anything you want here!!! TIME STAMP IS IMPORTANT!!"
message2 = b""

# Now your signature is a function of your PRIVATE KEY and THE MESSAGE
signature = key.sign(
    message,
    padding.PSS(
        mgf=padding.MGF1(hashes.SHA256()),
        salt_length=padding.PSS.MAX_LENGTH
    ),
    hashes.SHA256()
)

signature2 = key.sign(
    message2,
    padding.PSS(
        mgf=padding.MGF1(hashes.SHA256()),
        salt_length=padding.PSS.MAX_LENGTH
    ),
    hashes.SHA256()
)

In [49]:
print(signature) # you can try running this with different message key pairs!
print(signature2)

b'\x06d\xb4\x81\xff3w\x04Fa\xc8\xcex=R:\xd8\xef\x01\xeb\xb7z\xc1\x19\xd1\rRF\xfd\xda\x0f\xe8\x1d\xdd\xf4}X\xd8\x1fS\xe5\r\xa1\xd4\xf4\xcanI+.\x12\xfba\xf8\xe9\xdf\x11\xcd`\xb2\xde?\x02\xaa\xf6\x87\x8bg\x1bo\xa1\xa1\xbc\x17\xd5\xaf\xe8\xce%\x1e\xaa\xbf\xbe:t\xd16d;\xd3bG\x1d\x15\xb8\x85\x89_\x92\xa7\xfd\xdb\xca\x9b\x86\x02\xeb\x86\xe2WhS7\xfc\xce\xb0\x86\xaaR~\x1d\x18oS\x7f\xd8\xee\xb8\\\\"\t/{\xaa\xfdm\x87?\xef\xd1)\xf3+\xc0A\xe0\xe4\xf6{xH\x1f\x86\xe4\xd5\xfc\xd7\xa6j\x02\xb6\xe3 u3=\xab\xe6\x02\x1a\xda\xcbM\xb5\x05\xc8\xca\x9f9\xc7d\x0e\x16\xc0\x94\xe7|\xd6\xfe\x86\xb9{^\xf9V\xa3\x9a\x1cF"\x94\xba\xc5\xa1>k\xf7\x02\\\xf7\x03#!\xc2\xf7|\x92\x03\xcc\\\xfe(\x8a\xbc\x19D)i\xeb\x9d\xaf\xf9\xed\xb2\xe7\xe1\x8e\x06sP6\x85\x03[\xa0\xda\xa9V\x9e\xe6\\z\x88\xd7Y'
b'\x88\xf2t$\xab\x9db\xe24J\xf4\xb0\xf5\x94\xfa\xb8w\xa3o\xb2\x03\xe1\xc4\x1c\x1c\xf9\xe0\x9df\x89\x13\xf44\x11;D]5XE\x976\x85\x14xkq\x98z\x8a\xf0\xc6"\x90gnV\n0\xb7\x9f\xf4\xae\x02\xa8\x9fJ\x10\x0c\xad\x8f\xcaC\xe8\xb4\n\xd7F\x16)N\x

In [50]:
# Now anyone with the public key can verify if this signature is valid
# Verify is a function of PUBLIC KEY, MESSAGE and SIGNATURE
key.public_key().verify(signature,message,
                                 padding.PSS(
                                     mgf=padding.MGF1(hashes.SHA256()),
                                     salt_length=padding.PSS.MAX_LENGTH
                                 ),
                                 hashes.SHA256()
                                )
# Note how no InvalidSignature error is thrown

What this means that anyone can verify if this message was authorised by you, but they cannot fake a signature for any arbitary message. 

The effort to fake a signature is going to require us to try all possible 256 bit signatures and HOPE to get lucky. 

That's $2^{256}$ combinations or $\approx 10^{77}$. Even if it took only $0.0000001$ seconds to test one possibility. It would take $\frac{10^{77} \times 10^{-6}}{3.154\times 10^{7} } \approx 10^{60}$ years. Note that the time since the universe began is only $10^7$ years.

But since we have that secret key we can quickly construct the signature required.

## How to agree on which version of the ledger to believe in?

We decide to accept the version of the ledger that has had the MOST COMPUTATIONAL WORK put into it.

We use Proof of Work as a measure for how much work has been put into constructing each block.


First of all let me introduct the CRYPTOGRAPHIC HASH FUNCTION. We have not yet found a better way to compute in the reverse direction other than just guessing!

![SHA256](https://opencores.org/usercontent/img/1469316774)


A web demo can be found [here](https://andersbrownworth.com/blockchain/hash)

In [102]:
import hashlib
message = "This is my message!! Can you find the proof of work?"

hashlib.sha256(bytes(message, 'utf-8')).hexdigest()

'ea57bf123708683601614b6b23dec02c8cd9ed0439d7916c7a86921303857ba3'

In [105]:
%%time

import itertools

# Now we want n zeros at the starting.
n = 6
# length of proof of work - larger means wider search space
m = 4

uniqueChars = '!"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~'
for i in map(''.join, itertools.product(uniqueChars, repeat=m)):
    digest = hashlib.sha256(bytes(message+i, 'utf-8')).hexdigest()
    if(digest[:n] == '0'*n):
        print("Found it! the hash of \n")
        print(message+i)
        print("\n is ->\n")
        print(digest)
        break

Found it! the hash of 

This is my message!! Can you find the proof of work? )4`R

 is ->

000000ffd1e98889652a06016bb341c037c568d634cf60e1c39f8a5a7fc825dc
CPU times: user 9.36 s, sys: 0 ns, total: 9.36 s
Wall time: 9.36 s


This task I am doing above, playing a lottery of sorts to find that special string which gives me $n$ zeros. That is what MINERS do!! 

They get paid a block reward for every block added to the ledger. This is also how "money" is created and new Bitcoins appear in the world.

![block reward](https://blog.changelly.com/wp-content/uploads/2019/09/btc-supply.png)

This coming may the reward will go to 6.25 BTC from 12.5 BTC


So the hash we found will be used in the starting of the next block. So the proof of work found the next block will become invalid if ANY preceding block is changed.

![img](https://i.imgur.com/z8DesmG.png)